Attachment #141826 for bug #207421

Lines 1178-1183 struct request_sock; Link Here

(-)include/linux.org/security.h (+8 lines)
1178	* allow module stacking.	1178	* allow module stacking.
1179	* @name contains the name of the security module being stacked.	1179	* @name contains the name of the security module being stacked.
1180	* @ops contains a pointer to the struct security_operations of the module to stack.	1180	* @ops contains a pointer to the struct security_operations of the module to stack.
		1181	* @unregister_security:
		1182	* remove a stacked module.
		1183	* @name contains the name of the security module being unstacked.
		1184	* @ops contains a pointer to the struct security_operations of the module to unstack.
1181	*	1185	*
1182	* @secid_to_secctx:	1186	* @secid_to_secctx:
1183	* Convert secid to security context.	1187	* Convert secid to security context.
Lines 1365-1370 struct security_operations { Link Here
1365	/* allow module stacking */	1369	/* allow module stacking */
1366	int (register_security) (const char name,	1370	int (register_security) (const char name,
1367	struct security_operations *ops);	1371	struct security_operations *ops);
		1372	int (unregister_security) (const char name,
		1373	struct security_operations *ops);
1368		1374
1369	void (d_instantiate) (struct dentry dentry, struct inode *inode);	1375	void (d_instantiate) (struct dentry dentry, struct inode *inode);
1370		1376
Lines 1445-1451 struct security_operations { Link Here
1445	/* prototypes */	1451	/* prototypes */
1446	extern int security_init (void);	1452	extern int security_init (void);
1447	extern int register_security (struct security_operations *ops);	1453	extern int register_security (struct security_operations *ops);
		1454	extern int unregister_security (struct security_operations *ops);
1448	extern int mod_reg_security (const char name, struct security_operations ops);	1455	extern int mod_reg_security (const char name, struct security_operations ops);
		1456	extern int mod_unreg_security (const char name, struct security_operations ops);
1449	extern struct dentry securityfs_create_file(const char name, mode_t mode,	1457	extern struct dentry securityfs_create_file(const char name, mode_t mode,
1450	struct dentry parent, void data,	1458	struct dentry parent, void data,
1451	const struct file_operations *fops);	1459	const struct file_operations *fops);

Lines 908-913 static int dummy_register_security (cons Link Here

(-)security.org/dummy.c (+6 lines)
908	return -EINVAL;	908	return -EINVAL;
909	}	909	}
910		910
		911	static int dummy_unregister_security (const char name, struct security_operations ops)
		912	{
		913	return -EINVAL;
		914	}
		915
911	static void dummy_d_instantiate (struct dentry dentry, struct inode inode)	916	static void dummy_d_instantiate (struct dentry dentry, struct inode inode)
912	{	917	{
913	return;	918	return;
Lines 1082-1087 void security_fixup_ops (struct security Link Here
1082	set_to_dummy_if_null(ops, netlink_send);	1087	set_to_dummy_if_null(ops, netlink_send);
1083	set_to_dummy_if_null(ops, netlink_recv);	1088	set_to_dummy_if_null(ops, netlink_recv);
1084	set_to_dummy_if_null(ops, register_security);	1089	set_to_dummy_if_null(ops, register_security);
		1090	set_to_dummy_if_null(ops, unregister_security);
1085	set_to_dummy_if_null(ops, d_instantiate);	1091	set_to_dummy_if_null(ops, d_instantiate);
1086	set_to_dummy_if_null(ops, getprocattr);	1092	set_to_dummy_if_null(ops, getprocattr);
1087	set_to_dummy_if_null(ops, setprocattr);	1093	set_to_dummy_if_null(ops, setprocattr);





	  If you are unsure how to answer this question, answer N.

config SECURITY_MODULAR
	bool "Allow loadable security models"
	depends on SECURITY
	help
	  This allows you to load and unload security modules at
	  runtime.

	  This option is useful for developers of security modules
	  or for experimenting with security modules that are not in
	  your kernel (yet). Note that (un)loading security modules
	  can be a dangerous situation so use with care.

	  If you are unsure how to answer this question, answer N.

config SECURITY_NETWORK
	bool "Socket and Networking Security Hooks"
	depends on SECURITY




 *
 * This function is to allow a security module to register itself with the
 * kernel security subsystem.  Some rudimentary checking is done on the @ops
 * value passed to this function.  A call to unregister_security() should be
 * done to remove this security_options structure from the kernel.
 *
 * If there is already a security module registered with the kernel,
 * an error will be returned.  Otherwise 0 is returned on success.

	return security_ops->register_security(name, ops);
}

#ifdef CONFIG_SECURITY_MODULAR
/**
 * unregister_security - unregisters a security framework with the kernel
 * @ops: a pointer to the struct security_options that is to be registered
 *
 * This function removes a struct security_operations variable that had
 * previously been registered with a successful call to register_security().
 *
 * If @ops does not match the valued previously passed to register_security()
 * an error is returned.  Otherwise the default security options is set to the
 * the dummy_security_ops structure, and 0 is returned.
 */
int unregister_security(struct security_operations *ops)
{
	if (ops != security_ops) {
		printk(KERN_INFO "%s: trying to unregister "
		       "a security_opts structure that is not "
		       "registered, failing.\n", __FUNCTION__);
		return -EINVAL;
	}

	security_ops = &dummy_security_ops;

	return 0;
}

/**
 * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
 * @name: a pointer to a string with the name of the security_options to be removed
 * @ops: a pointer to the struct security_options that is to be removed
 *
 * This function allows security modules that have been successfully registered
 * with a call to mod_reg_security() to be unloaded from the system.
 * This calls the currently loaded security module's unregister_security() call
 * with the @name and @ops variables.
 *
 * The return value depends on the currently loaded security module, with 0 as
 * success.
 */
int mod_unreg_security(const char *name, struct security_operations *ops)
{
	if (ops == security_ops) {
		printk(KERN_INFO "%s invalid attempt to unregister "
		       " primary security ops.\n", __FUNCTION__);
		return -EINVAL;
	}

	return security_ops->unregister_security(name, ops);
}

EXPORT_SYMBOL_GPL(register_security);
EXPORT_SYMBOL_GPL(unregister_security);
EXPORT_SYMBOL_GPL(mod_reg_security);
EXPORT_SYMBOL_GPL(mod_unreg_security);
#endif

/* Security operations */

int security_ptrace(struct task_struct *parent, struct task_struct *child)




	return 0;
}

static int selinux_unregister_security (const char *name, struct security_operations *ops)
{
	if (ops != secondary_ops) {
		printk(KERN_ERR "%s:  trying to unregister a security module "
		        "that is not registered.\n", __FUNCTION__);
		return -EINVAL;
	}

	secondary_ops = original_ops;

	return 0;
}

static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
{
	if (inode)

	.sem_semop =			selinux_sem_semop,

	.register_security =		selinux_register_security,
	.unregister_security =		selinux_unregister_security,

	.d_instantiate =                selinux_d_instantiate,


Return to bug 207421

Lines 4549-4554 static int selinux_register_security (co Link Here

(-)security.org/selinux/hooks.c (+14 lines)
4549	return 0;	4549	return 0;
4550	}	4550	}
4551		4551
		4552	static int selinux_unregister_security (const char name, struct security_operations ops)
		4553	{
		4554	if (ops != secondary_ops) {
		4555	printk(KERN_ERR "%s: trying to unregister a security module "
		4556	"that is not registered.\n", __FUNCTION__);
		4557	return -EINVAL;
		4558	}
		4559
		4560	secondary_ops = original_ops;
		4561
		4562	return 0;
		4563	}
		4564
4552	static void selinux_d_instantiate (struct dentry dentry, struct inode inode)	4565	static void selinux_d_instantiate (struct dentry dentry, struct inode inode)
4553	{	4566	{
4554	if (inode)	4567	if (inode)
Lines 4895-4900 static struct security_operations selinu Link Here
4895	.sem_semop = selinux_sem_semop,	4908	.sem_semop = selinux_sem_semop,
4896		4909
4897	.register_security = selinux_register_security,	4910	.register_security = selinux_register_security,
		4911	.unregister_security = selinux_unregister_security,
4898		4912
4899	.d_instantiate = selinux_d_instantiate,	4913	.d_instantiate = selinux_d_instantiate,
4900		4914

Lines 51-56 config SECURITY Link Here

(-)security.org/Kconfig (+14 lines)
51		51
52	If you are unsure how to answer this question, answer N.	52	If you are unsure how to answer this question, answer N.
53		53
		54	config SECURITY_MODULAR
		55	bool "Allow loadable security models"
		56	depends on SECURITY
		57	help
		58	This allows you to load and unload security modules at
		59	runtime.
		60
		61	This option is useful for developers of security modules
		62	or for experimenting with security modules that are not in
		63	your kernel (yet). Note that (un)loading security modules
		64	can be a dangerous situation so use with care.
		65
		66	If you are unsure how to answer this question, answer N.
		67
54	config SECURITY_NETWORK	68	config SECURITY_NETWORK
55	bool "Socket and Networking Security Hooks"	69	bool "Socket and Networking Security Hooks"
56	depends on SECURITY	70	depends on SECURITY

Lines 71-77 int __init security_init(void) Link Here

(-)security.org/security.c (-1 / +58 lines)
71	*	71	*
72	* This function is to allow a security module to register itself with the	72	* This function is to allow a security module to register itself with the
73	* kernel security subsystem. Some rudimentary checking is done on the @ops	73	* kernel security subsystem. Some rudimentary checking is done on the @ops
74	* value passed to this function.	74	* value passed to this function. A call to unregister_security() should be
		75	* done to remove this security_options structure from the kernel.
75	*	76	*
76	* If there is already a security module registered with the kernel,	77	* If there is already a security module registered with the kernel,
77	* an error will be returned. Otherwise 0 is returned on success.	78	* an error will be returned. Otherwise 0 is returned on success.
Lines 121-126 int mod_reg_security(const char *name, s Link Here
121	return security_ops->register_security(name, ops);	122	return security_ops->register_security(name, ops);
122	}	123	}
123		124
		125	#ifdef CONFIG_SECURITY_MODULAR
		126	/**
		127	* unregister_security - unregisters a security framework with the kernel
		128	* @ops: a pointer to the struct security_options that is to be registered
		129	*
		130	* This function removes a struct security_operations variable that had
		131	* previously been registered with a successful call to register_security().
		132	*
		133	* If @ops does not match the valued previously passed to register_security()
		134	* an error is returned. Otherwise the default security options is set to the
		135	* the dummy_security_ops structure, and 0 is returned.
		136	*/
		137	int unregister_security(struct security_operations *ops)
		138	{
		139	if (ops != security_ops) {
		140	printk(KERN_INFO "%s: trying to unregister "
		141	"a security_opts structure that is not "
		142	"registered, failing.\n", __FUNCTION__);
		143	return -EINVAL;
		144	}
		145
		146	security_ops = &dummy_security_ops;
		147
		148	return 0;
		149	}
		150
		151	/**
		152	* mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
		153	* @name: a pointer to a string with the name of the security_options to be removed
		154	* @ops: a pointer to the struct security_options that is to be removed
		155	*
		156	* This function allows security modules that have been successfully registered
		157	* with a call to mod_reg_security() to be unloaded from the system.
		158	* This calls the currently loaded security module's unregister_security() call
		159	* with the @name and @ops variables.
		160	*
		161	* The return value depends on the currently loaded security module, with 0 as
		162	* success.
		163	*/
		164	int mod_unreg_security(const char name, struct security_operations ops)
		165	{
		166	if (ops == security_ops) {
		167	printk(KERN_INFO "%s invalid attempt to unregister "
		168	" primary security ops.\n", __FUNCTION__);
		169	return -EINVAL;
		170	}
		171
		172	return security_ops->unregister_security(name, ops);
		173	}
		174
		175	EXPORT_SYMBOL_GPL(register_security);
		176	EXPORT_SYMBOL_GPL(unregister_security);
		177	EXPORT_SYMBOL_GPL(mod_reg_security);
		178	EXPORT_SYMBOL_GPL(mod_unreg_security);
		179	#endif
		180
124	/* Security operations */	181	/* Security operations */
125		182
126	int security_ptrace(struct task_struct parent, struct task_struct child)	183	int security_ptrace(struct task_struct parent, struct task_struct child)